Puppet Enterprise’s MCollective can be configured to enable new actions, modify existing actions, restrict actions, and prevent run failures on non-PE nodes.

Disabling MCollective on Some Nodes

By default, PE enables and configures MCollective on all agent nodes. This is generally desirable, but the Puppet code that manages this will not work on non-PE agent nodes, and will cause Puppet run failures on them.

Restricting MCollective Actions

Unsupported Features

Adding New MCollective Users and Integrating Applications

Adding new users is not supported in Puppet Enterprise. Future versions of PE may change MCollective’s authentication backend, which will block additional users from working until they are updated to use the new backend. We plan to include an easy method to add new users in a future version of PE.

In the meantime, if you need to add a new user in order to integrate an application with PE, you can:

Write a Puppet module to distribute the new client’s public key into the ${pe_mcollective::params::mco_etc}/ssl/clients/ directory. This class must use include pe_mcollective to ensure that the directory can be located.

Assign that Puppet class to the PE MCollective group in the PE console.

Again, this process is unsupported and may require additional work during a future upgrade.